self-hosted/mailcow-dockerized
1
0
Fork 0
mirror of https://github.com/mailcow/mailcow-dockerized.git synced 2025-07-15 01:34:16 +02:00
Code Issues Releases Activity

[Web] hide auth settings for external users

Browse Source
This commit is contained in:
FreddleSpl0it
2023-05-25 10:06:55 +02:00
committed by DerLinkman
parent 4dc3222f03
commit 5545d8a56c
4 changed files with 10 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
data/web/inc/functions.auth.inc.php
View File

@ -235,8 +235,11 @@ function mailcow_mbox_apppass_login($user, $pass, $app_passwd_data, $is_internal
$protocol = 'sieve';
} else if ($app_passwd_data['pop3']){
$protocol = 'pop3';
} else if (!$is_internal) {
return false;
}
// fetch app password data
$stmt = $pdo->prepare("SELECT `app_passwd`.`password` as `password`, `app_passwd`.`id` as `app_passwd_id` FROM `app_passwd`
INNER JOIN `mailbox` ON `mailbox`.`username` = `app_passwd`.`mailbox`
@ -249,11 +252,8 @@ function mailcow_mbox_apppass_login($user, $pass, $app_passwd_data, $is_internal
:has_access_query"
);
// check if app password has protocol access
// skip if protocol is false and the call is not external
$has_access_query = '';
if (!$is_internal || ($is_internal && !empty($protocol))){
$has_access_query = " AND `app_passwd`.`" . $protocol . "_access` = '1'";
}
// skip if protocol is false and the call is internal
$has_access_query = ($is_internal && $protocol === false) ? "" : " AND `app_passwd`.`" . $protocol . "_access` = '1'";
// fetch password data
$stmt->execute(array(
':user' => $user,